Table of Contents
Advertisement
McAfee® Network Security Platform 6.0
Functional requirements
Following are the functional requirements to be taken care of:
Using anti-virus software with the Manager
If you plan to install anti-virus software such as McAfee VirusScan on the Manager, be
sure the MySQL directory and its sub-directories are excluded from the anti-virus scanning
processes. For example selecting
entire MySQL installation directory from the anti-virus scanning processes. Otherwise,
Network Security Platform packet captures may result in the deletion of essential MySQL
files.
Also exclude the Network Security Platform installation directory and its sub-directories
because temporary files are created there that might conflict with the anti-virus scanner.
Note:
the Manager software, the MySQL scanning exceptions will be created
automatically, but the Network Security Platform exceptions will not.
McAfee VirusScan and SMTP notification
From 8.0i, VirusScan includes an option (enabled by default) to block all outbound
connections over TCP port 25. This helps reduce the risk of a compromised host
propagating a worm over SMTP using a homemade mail client.
If applicable, identify the ports to be mirrored, and someone who has the knowledge
and rights to mirror them.
Allocate the proper static IP addresses for the Sensor. For the Sensors, you cannot
assign IPs using DHCP.
Identify hosts that may cause false positives, for example, HTTP cache servers, DNS
servers, mail relays, SNMP managers, and vulnerability scanners.
Install Wireshark (formerly known as Ethereal
http://www.wireshark.org) on the client PCs. Ethereal is a network protocol analyzer
for Unix and Windows servers, used to analyze the packet logs created by Sensors.
Ensure the correct version of JRE is installed on the client system, as described in the
Release Notes. This can save a lot of time during deployment.
Determine a way in which the Manager maintains the correct time. To keep time from
drifting, for example, point the Manager server to an NTP timeserver. (If the time is
changed on the Manager server, the Manager will lose connectivity with all Sensors
®
and the McAfee
Network Security Update Server because SSL is time sensitive.)
If Manager Disaster Recovery (MDR) is configured, ensure that the time difference
between the Primary and Secondary Managers is less than 60 seconds. (If the spread
between the two exceeds more than two minutes, communication with the Sensors
will be lost.)
If you are upgrading from a previous version, we recommend that you follow the
instructions in the respective version's release notes or, if applicable, the
Guide
.
If you install McAfee VirusScan 8.5.0i on the Manager
Preparing for the Manager installation
http://www.wireshark.com
...\Manager\MySQL
and its subdirectories will exclude the
14
Upgrade
the installation of
after
Advertisement
Table of Contents
